<?php
/*
    Copyright 2010 Justin Lipton, Jonathan Rosenberg
    
    This file is part of MediaList.

    MediaList is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.

    MediaList is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with MediaList.  If not, see <http://www.gnu.org/licenses/>.
*/

$name=$_GET["name"];
$p = $_GET["p"];

$con = mysql_connect("localhost", "root");
if (!$con)
{
    die('Could not connect: ' . mysql_error());
}

mysql_select_db("DB", $con);

$db = new mysqli("localhost", "root",null , "DB");
$stmt = $db -> prepare("SELECT password FROM Users WHERE Username=?");
$stmt -> bind_param("s", $name);
$stmt -> execute();
$stmt -> bind_result($row['Password']);
$stmt->fetch();

$error = "";

/*$sql="SELECT Password FROM Users WHERE Username='".$name."'";

$result = mysql_query($sql, $con);

$row = mysql_fetch_array($result);*/

if($row['Password']==null)
{
    $error= "Username is not registered. <a href=register.php>Register</a>";
}
else if($row['Password']!=md5($p))
{
    $error="Incorrect password";
}
            
if($error=="")
{
    setcookie("user", $name, time()+36000);
    echo "<meta http-equiv=\"REFRESH\" content=\"2;url=index.php\">";
    echo "Successful Login, redirecting in 2 seconds";
}
else
{
    echo $error;
}
mysql_close($con);
?>